[Fedora-directory-users] Dynamic Groups and PAM/NSS _ldap

[Rubin]

Hi Group,

A while ago there was a discussion here about dynamic groups and the
fact that the client(s) needs to handle this.

I've been working with RHDS in combination with HP's LDAP-UX, where the
client side of LDAP-UX does something smart to get dynamic groups
working as posix groups, which is really really cool. Essentially, you
get dynamic posix groups and a getent group (or grget on hp-ux) return
the group including all dynamic (memberURL) and static (memberuid)
members of a group.

I'm trying to get a conclusive answer about if this is possible under
linux. I thought pam_member_attribute would come to the rescue in this
case, but that does not seem to work.

So: is it possible to have dynamic members in a posix group under linux
using nss_ldap and pam_ldap so a "getent group" returns dynamic members?
If not, is there somebody working on it? or maybe even a commercial
tool/add-on?

Kind regards,


Rubin.